Richard Stiennon

Latest Posts

Last bastion of trust falls

IT security practices have always been dominated by trust, often myopically. Specialized applications are still deployed with the assumption that end users, be they customers, contractors, or employees, would not attempt to abuse that trust.

published July 19, 2007 by

UTM in Asia

I have UTM on my mind. As I travel through Asia these two weeks I am meeting with journalists, analysts, and large telecom providers and they all want to debate UTM (Unified Threat Management).

published July 17, 2007 by

Your DBA has his/her hand in the till

I have written and pontificated often enough on the dangers of trusted employees. One of the biggest shifts underway in the threatscape is due to the increased value of personal identity information and the emergence of markets for that information.

published July 10, 2007 by

Differences

I am gaining interesting insights into differences in technology adoption as I travel to various parts of the world. Today I am in Beijing where I have met with customers, prospects, analysts, and journalists.

published July 8, 2007 by

Schneier on ID theft

I am attending the IT Security Summit 2007 here in Johannesburg this week. It’s a busy week for conferences with Interop in Vegas and AusCERT in session in Australia.

published May 23, 2007 by

Hactivism or information warfare?

Just as the term "cyber terrorism" gets linguists all riled up, "information warfare" is sure to elicit the wrath of security pundits and bloggers alike. While I will be the first to acknowledge that cyber terrorism is a problematic term (no loss of life or limb from shutting down an Internet service), I do ask what do you call it when terrorist organizations engage in hacking and cyber crime?

published May 12, 2007 by

Spoofing NAC

Remember Stiennon's first law of network security? It is: Thou shalt not trust an end point to report its own state.

published April 2, 2007 by

That's a lot of credit cards

The TJX data breach story keeps growing. I hope everyone can tell the difference between a false alarm data breach like the laptop theft at the VA that got so much attention and the Card Systems International breach and now the TJX incident.

published March 22, 2007 by

Competitive intelligence gathering

The world of CI (competitive intelligence) spans the spectrum from analytical data gathering to seamy shoulder surfing and of course the use of custom Trojan horses. This article in Forbes describes how you can get insight into a company's future product plans by researching their job postings.

published March 20, 2007 by
